Category
Security
Release Phase
Resolved
Product
Sun Ray Server Software 3.0
Sun Ray Server Software 2.0
Bug Id
6319180
Date of Workaround Release
07-AUG-2006
Date of Resolved Release
03-JAN-2007
Impact
A security vulnerability in the Sun Ray Server 2.0 and 3.x Software (SRSS) utxconfig(1) utility may allow a local unprivileged user to create or overwrite arbitrary files on the system.
Note: utxconfig(1) is the Sun Ray DTU X server configuration utility.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Sun Ray Server Software 2.0 (for Solaris 8 and 9) without patch 114880-10
- Sun Ray Server Software 3.0 (for Solaris 8 and 9) without patch 118979-02
- Sun Ray Server Software 3.1 (for Solaris 8, 9 and 10) without patch 120879-01
x86 Platform
- Sun Ray Server Software 3.1 (for Solaris 10) without patch 120880-01
Linux Platform
- Sun Ray Server Software 3.0 (for JDS R2, RHELAS 3.0, SLES 8.0) without patch 119836-02
- Sun Ray Server Software 3.1 (for JDS R2, RHELAS 3.0, SLES 8.0) without patch 120881-01
Notes:
- Sun Ray Server Software 1.x is not affected by this issue.
- Sun Ray Server Software 2.0 is not supported on Solaris 10 or for the x86 Platform.
- Sun Ray Server Software 3.0 is not supported on the Solaris x86 platform (3.1 only).
- Sun Ray Server Software 3.1 is not supported for Solaris 8 and 9 on the x86 platform (Solaris 10 only).
To determine the version of Sun Ray Server Software on a system, the following command can be run:
# /usr/bin/pkginfo -l SUNWuto | grep -i version
VERSION: 3.1_32,REV=2005.08.24.08.55
To determine if the utxconfig(1) utility has been installed as part of the Sun Ray server software, the following command can be run:
$ pkginfo SUNWuta
Symptoms
There are no symptoms that would indicate the described issue has occurred.
Workaround
To work around the described issue, temporarily remove the setuid(2) bit from the utxconfig(1) command until the patch can be applied. To apply this change, the following command can be run:
# chmod u-s /opt/SUNWut/bin/utxconfig
Note: Removing the setuid(2) bit from the command may decrease its functionality for non-privileged users.
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Sun Ray Server Software 2.0 (for Solaris 8 and 9) with patch 114880-10 or later
- Sun Ray Server Software 3.0 (for Solaris 8 and 9) with patch 118979-02 or later
- Sun Ray Server Software 3.1 (for Solaris 8, 9 and 10) with patch 120879-01 or later
x86 Platform
- Sun Ray Server Software 3.1 (for Solaris 10) with patch 120880-01 or later
Linux Platform
- Sun Ray Server Software 3.0 (for JDS R2, RHELAS 3.0, SLES 8.0) with patch 119836-02 or later
- Sun Ray Server Software 3.1 (for JDS R2, RHELAS 3.0, SLES 8.0) with patch 120881-01 or later
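The workaround and resolution checks above can be combined into one audit per host. The following is an added example, not part of the original advisory or Sun's tooling: the function names are hypothetical, the caller supplies the installed patch IDs, and "patched" only means that one of the listed patches at its fixed revision or later appears in that list.

```shell
#!/bin/sh
# Added example (not Sun's code): audit one host against this advisory.

# Minimum fixed patch revisions, copied from the Resolution section.
FIXED_PATCHES="114880-10 118979-02 120879-01 120880-01 119836-02 120881-01"

# has_setuid PATH: true if PATH is a regular file with the setuid bit set.
has_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# patch_is_fixed ID: true if ID (form NNNNNN-RR) is one of the advisory's
# patches at the fixed revision or a later one.
patch_is_fixed() {
    case "$1" in
        *[!0-9-]*|-*|*-|*-*-*) return 1 ;;   # reject malformed IDs
        *-*) ;;
        *) return 1 ;;
    esac
    base=${1%%-*}
    rev=${1#*-}
    for p in $FIXED_PATCHES; do
        if [ "$base" = "${p%%-*}" ]; then
            [ "$rev" -ge "${p#*-}" ] && return 0
            return 1
        fi
    done
    return 1
}

# audit BIN [PATCH_ID...]: prints patched, absent, setuid-cleared or exposed.
# Returns 1 only for "exposed" (setuid binary, no fixed patch in the list).
audit() {
    bin=$1
    shift
    for id in "$@"; do
        if patch_is_fixed "$id"; then echo patched; return 0; fi
    done
    if [ ! -e "$bin" ]; then echo absent; return 0; fi
    if has_setuid "$bin"; then echo exposed; return 1; fi
    echo setuid-cleared
}

# Usage on Solaris (assumption: `showrev -p` prints "Patch: ID ..." lines):
#   audit /opt/SUNWut/bin/utxconfig $(showrev -p | awk '{print $2}')
```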
Modification History
10-Aug-2006:
- Updated Contributing Factors and Resolution sections
23-Aug-2006:
- Updated Contributing Factors section
03-Jan-2007:
- Updated Contributing Factors and Resolution sections
- State: Resolved
References
120879-01
120880-01
120881-01
119836-02
118979-02
114880-10